1. API
VA-POBO-V2
  • API
    • Webhook
    • Idempotent Requests
    • Crypto Payment
      • Crypto Checkout
        • Create Crypto Checkout
        • Create Crypto Checkout Link
        • Crypto Checkout Wallet Connection
        • Generate POS Payment Request
        • Close Crypto Checkout
        • Get Convertible Cryptos
        • Get Crypto Checkout
        • Get Crypto Checkout Link
        • Get Crypto Checkout Currencies
        • Crypto Checkout Webhook
      • Crypto Deposit
        • Update Crypto Deposit Travel Rule Info
        • Add TravelRule Info
        • Get Crypto Deposit Wallet
        • Get Crypto Deposit Wallet 1231
        • Get Crypto Deposit
        • Get Crypto Deposit History
        • Get Crypto Deposit History 1230
        • Crypto Deposit Webhook
      • Crypto Withdrawal
        • Create Crypto Withdrawal
        • Register Wallet Address
        • Remove Wallet Address
        • Get Crypto Withdrawal
        • Get Crypto Withdrawal History
        • Get Wallet Address
        • Crypto Withdrawal Webhook
        • Get Crypto Withdrawal History 0122
      • Crypto Collection
        • Buyer Management
          • Create Buyer
          • Get Buyer
          • Update Buyer
          • Buyer Status Webhook
        • Create Collection Wallet
        • Update Collection Wallet
        • Update Co-KYT status
        • Get Collection Wallet
        • Get Collection Wallet 0115
        • Get Crypto Collection
        • Crypto Collection Webhook
        • Crypto Collection Wallet Webhook
      • Crypto Refund
        • Create Crypto Refund
        • Confirm Crypto Refund
        • Confirm Crypto Refund 1229
        • Get Crypto Refund
        • Crypto Refund Webhook
      • currency & blockchain
        • Get Supported Blockchains
    • Fiat Payment(V2)
      • Bank Acount Management(V2)
        • Get Fiat Account Capabilities
        • Create Fiat Account Request
        • Submit Additional Information for Fiat Account Request
        • Create Fiat Account Application
        • onboarding+va
        • Get Fiat Account Application Status
        • Get Deposit Bank Account
        • Add Bank Account
        • Get Bank Accounts
        • Fiat Account Request Status Webhook
        • Get Fiat Account Capabilities(new)
        • Create Fiat Account Request(new)
        • Submit Additional Information for Fiat Account Request(new)
      • Withdrawal(V2)
        • Get Fiat Payout Capabilities
        • Get Fiat Withdrawal History
        • Create Fiat Withdrawal
        • Create Fiat Withdrawal(new)
        • Get Fiat Withdrawal Detail
        • pobo
        • Fiat Withdrawal Webhook
        • Get List of Currencies that Supports Same-Name Withdrawal
        • Fiat Payout Onboarding Status Webhook
        • Get Fiat Payout Capabilities(new)
        • Onboard Fiat Payout Capability
        • Onboard Fiat Payout Capability(new)
        • Submit Additional Information for Fiat Withdrawal Request
        • Submit Additional Information for Fiat Withdrawal Request(new)
        • Submit Additional Information for Fiat Payout Capability Onboarding
        • Submit Additional Information for Fiat Payout Capability Onboarding(new)
      • Deposit
        • Get Fiat Deposit Detail
        • Get Fiat Deposit History
        • Fiat Deposit Webhook
    • Authentication
      • Get Token
    • Account Management
      • Internal Transfer
      • Get Statement
      • Get Balance
      • Get Balance 0119
      • Get Internal Transfer
    • Merchant Management
      • Create Merchant
      • Create Merchant 260104
      • Update Merchant
      • Get Merchant
      • Merchant Status Webhook
      • Create Merchant Copy
    • Conversion
      • Create Quotation
      • Create Conversion
      • Get Quotation
      • Get Conversion
      • Get Conversion History
      • Conversion Webhook
    • Settlement
      • Get Settlement Statement
      • Settlement Status Webhook
    • Tool
      • Upload File Copy
      • getTnC
      • Upload File
  1. API

Webhook

Introduction#

You can configure webhooks to monitor events on your account, enabling your system to receive notifications.
CAMP relies on webhooks to notify you whenever an event occurred on your account, such as the completion of transactions. This is useful for handling asynchronous operation in real time.
To use webhooks with your CAMP integration:
1.
Create a webhook endpoint in your system.
2.
Contact MetaComp at api_support@mce.sg and provide your webhook endpoint to be added to our backend.
3.
Simulate an event to test your webhook endpoint.
4.
Implement validation of webhook signatures. (Optional)

Webhook Request#

Below are the following webhook notifications that you can set up:
Create End User Account Status
Deposit Status
Withdrawal Status
OTC Trading Status
Payment Request Status

Webhook Retry Logic#

To acknowledge receipt of an event, your endpoint must return a 2xx HTTP status code to CAMP and the response format should be application/json. Otherwise CAMP will assume the event was not received and it will retry the webhook for up to 24 hours using an exponential backoff strategy.

Webhook Verification#

About verifying webhook#

Once your system is configured to receive payloads, it will listen for any delivery that is sent to the configured endpoint. To ensure that your system only processess webhook deliveries that were sent by CAMP and ensure that the delivery was not tampered, you should verify the webhook signature before processing them.

To verify webhook signature#

There will be X-Signature header included in all webhooks that contains a timestamp and a signature that you need to verify. The timestamp has a t= prefix, and signature has a v0= prefix.
X-Signature: 
t=1758867971711,
v0=b2468f1bc285eb64be242ee6d02e3c959dfb61482abe47ddb50da4b6be55997e

Steps to verify webhook signature#

Step 1: Get the secret key#

Go API Integration page to retrieve the secret key that used to generate signature.

Step 2: Extract timestamp and signature#

Split the header using , character as the delimiter and get the values for timestamp t and signature v0.

Step 3: Prepare the signed_message string#

Concatenate the timestamp and webhookData from the request body, separated by a _ character to form the signed_message.

Step 4: Compute the expected signature#

Use the secret key as private key and use hash-based message authentication code (HMAC) with SHA-256 algorithm to encrypt the signed_message to generate the expected signature.

Step 5: Compare the signature#

Compare the signature in the webhook request payload with the expected signature.

Preventing replay attacks#

To prevent replay attacks, you may like to check the timestamp t against the current time and reject events that are too old. It is recommended to have a tolerance of 3 minutes between the timestamp and current time.
Modified at 2025-12-02 07:11:45
Next
Idempotent Requests
Built with